JP2004528789A - Service management system shutdown - Google Patents

Abstract

A system and method for blocking unauthorized special service calls (FIG. 3) in a long distance telephone system is disclosed. The automatic number identifier (ANI) of the starting number within the local telephone company (LEC) can be used to include certain special service calls by including the ANI in the special service call number record in the long distance carrier's Service Management System (SMS) database. You are blocked from calling the number. The ANI to be blocked is selected from unauthorized control based on a certain network traffic flow threshold. When the switching element at the long distance carrier searches the SMS record for a particular special service call, it is determined whether the start of the call matches the ANI of the SMS record. If so, the call is blocked.

Description

【background】
[0001]
1. TECHNICAL FIELD This application relates generally to telecommunications, and more particularly to detecting and terminating unauthorized special service calls in telecommunications networks.
2. 2. Description of the Related Art A typical telecommunications network consists of multiple telecommunications facilities located throughout a geographical area. When a user places a call, the call may be routed through various facilities and switches before reaching its destination. The telephone number that the user dials provides information on how to route the call.
[0002]
As an example, consider a user making a long distance call. Typically, a user dials a 10 digit number, such as 1-516-555-1234, known as a DDD (Direct Long Distance Dial) number. The format of the DDD number can be expressed as 1-NPA-NXX-XXXX, where NPA (Numbering Area Plan) relates to the geographic location of the recipient and NXX requires that the call be routed. There is a central office switch, which pertains to the terminating switch.
[0003]
However, modern telecommunications networks offer many services beyond direct long distance dialing. The long distance carrier provides special services to the customer, such as free call calling, calling card calling, special rate calling, etc. Special service call processing, such as "700", "800" and "900" telephone calls I will provide a.
[0004]
The "800" number is an automated call routing service provided by long distance carriers. Generally, the "800" number allows callers to have call redirection features such as conference, consultation, and blind transfer. In the best known embodiment, the "800" number permits the user to reverse the bill so that the payee, rather than the caller, pays the telephone charge for the call. The "800" service is valuable to large enterprises and other entities because customer calls may be directed to any of a number of corporate locations in an efficient manner. Using this special "800" service, the caller dials a 10 digit number in form 1-800-NXX-XXX. Since "800" does not specify a particular geographic area, or NPA, therefore, those first digits ("800") are referred to as a service access code (SAC).
[0005]
FIG. 1 is a diagrammatic representation of the routing of a special service long distance call using an "800" number. The call originates at the user's telephone 10 and is routed through the local telephone company (LEC) 20. LEC refers to a regional telephone company such as a regional telephone operator (RBOC). LEC provides local communication services to its customers. Long-distance communication for telephone calls is provided by an interchange carrier (IXC) 30, such as MCI-Worldcom. The IXC interfaces with the LEC at an access point (POP) within the LEC. A POP is a physical location in the LEC where the IXC provides access to long distance networks. After switching via LEC switches 22 and 24, the call is determined to be an "800" number.
[0006]
At this point, the serving LEC 20 must access the centralized service management system (SMS) database 100 to obtain routing information about the call. In FIG. 1, the centralized SMS is the Bellcore SMS 100 because the Bellcore SMS100 serves as the centralized SMS for the LEC. During this access, the LEC 20 checks to see if the starting Automatic Number Identifier (ANI) is blocked from calling to a particular "800" number, as well as downloading information regarding call routing. . In fact, the LEC 20 may maintain its own SMS record that is periodically downloaded from the Bellcore SMS 100.
[0007]
When the LEC determines the appropriate routing information for the "800" call, the call is routed to the appropriate POP 25, which forwards the call at the IXC switch 31 into the appropriate IXC network. The IXC switch 31 signals the service switching and control point (SSCP) 41 with the caller's dialed long distance "800" telephone number and automatic number identifier (ANI). SSCP 41 is part of switching and routing 40 used in telecommunications networks. One example is an element of the Signaling System 7 (SS7) network, which is known in the art. SSCP 41 receives and processes telephone calls using intelligent peripheral device (IP) 42 to provide a call processing application. SSCP also uses service data points (SDP) 45 for storage and retrieval of data related to call processing. The SDP 45 is part of an IXC Service Management System (IXC SMS) 50 that provides network information, database management, and management support for the IXC network 30.
[0008]
The IXC SMS 50 maintains and updates various service points. The primary responsibility of the IXC SMS 50 is to respond to queries from switching points, such as the IXC switches 31-34 and the bridge switch 35, for the data required to fully route the call. SSCP 41 retrieves and returns the routing number for IXC switches 31-34, which IXC switches 31-34 use to access the regional routing tables. The IXC switches 31-34 obtain special routing information from the local routing table and use that information to forward the call. For example, a call may fly from IXC switch 31 via IXC network 30 to IXC switch 34 via IXC switches 32 and 33, where the call exits IXC network 30. At that point, the call enters LEC 60 at POP 65, from where the call is switched through LEC switches 62 and 64 until it finally connects to telephone unit 70.
[0009]
In the example, there is one SDP, one SSCP and several IXC switches, but there is no limitation on the configuration of the network infrastructure. For example, some SSCPs may use one SDP, or each IXC switch may have its own SSCP. The purpose of the schematic in FIG. 1 is to give a broad concept of the elements used in telecommunications networks. Only the appropriate elements are considered.
[0010]
A special service call may or may not require an intelligent service network (ISN) platform to complete the call process. In FIG. 1, a call requesting ISN platform 90 is routed to bridge switch 35 in IXC network 30. ISN platform 90 performs any additional call processing required. For example, a calling card call is routed to ISN 90 because an account number and personal identification number (PIN) can be entered and compared to database records. As shown in FIG. 1, the ISN 90 is similarly connected to a network connected to the switching and routing control 40 element for retrieving routing data and an SMS 50 for retrieving billing information. The "800" calling card call may be first routed through the bridge switch 35 to an automatic call distributor (ACD) 91, where the call being serviced by the ISN 90 is parked. There, the call is authorized and validated, and information is collected to accurately route and bill the call. The call is then released back to the IXC network 30.
[0011]
While beneficial in many respects, ironically, the convenience of the "800" number system can be used to perpetuate fraud. One type of "800" number fraud is the unauthorized use of customer premises equipment (CPE), described below. In some cases, customers may incur fraudulent charges amounting to $ 100,000 over the weekend. To maintain good relations with the public, long distance carriers (IXC) often take most of the responsibility for these calls. CPE-related and other fraud losses are estimated to exceed 2 billion annually.
[0012]
CPE-related fraud occurs when a third party gains illegal access to a customer's PBX (private branch exchange) and steals the dial tone to make an outgoing call. Of course, "800" numbers are the preferred way to get into their PBX because even calls that hack into the system are free. Outgoing calls are charged to the owner of the CPE regardless of the start of the call. From a financial perspective, the worst and most expensive forms of abuse include international calling.
[0013]
An example of a CPE-related "800" number fraud is shown in FIG. The routing of the call from the hacker 200 via the two LECs is the same. As shown in FIG. 2, the call is routed through the IXC switches 31, 32, 33 and 34 before reaching the LEC 60 where the call jumps from the LEC switch 64 to the LEC switch 62 and Reach the victim's PBX. When the "800" number call reaches the corporate customer's PBX 250, the hacker 200 dials the extension of someone who knows that he is not there. The call is not answered and is forwarded to the voice messaging system (VMS) 252. At this point, the hacker may, for example, press the "*" and "T" buttons on his phone to request a call transfer. In some PBX systems, this activates a call forwarding feature that prompts the hacker 200 to enter an extension number followed by a # symbol. The hacker responds by entering the first digit of the phone number the hacker wants to reach, and finally the key access code digit followed by the # symbol. The PBX 250 selects the main line to originate and dials the first digit according to the start of the digits of the primary access code. When the hacker is connected to the main line, he dials the remaining digits. In FIG. 2, the completed phone number is Chinese phone 299. Thus, the call is routed out of the PBX, returns via the LEC 60, and ends at the Chinese telephone 299 via the IXC switches 34 and 36. As far as the telephone system is concerned, the call originates from the PBX 250, not from the hacker 200. Thus, the billing record states that the owner of PBX 250 makes an expensive long-distance call to China and is not hacker 200.
[0014]
The most fraudulent plans leave evidence of evidence. For example, when a hacker attempts the fraudulent plan detailed above, the hacker usually does not know the exact key access code to the PBX 250, so the hacker tries different combinations of numbers to get out of the main line. , PBX250 repeatedly. Thus, in a short time, the network will find a long, repeated short call from a particular ANI to a particular "800" number. Most fraudulent controls operate by setting a threshold value for such actions. An alert is generated if there are more than a certain number of calls from a particular ANI to the "800" number in a short time. The alert is sent to either a fraudulent analyst who analyzes the action and decides to block future calls from the ANI to the "800" number, or an automated program that can make similar decisions. There are various warnings for different actions. In the above example, if the hacker 200 succeeds in entering the PBX 250, a series of telephone calls from that PBX to China may initiate an alert.
[0015]
Either the LEC or the IXC may detect the fraud and determine that the ANI should be blocked from calling the special service number. Once a determination is made, the information is forwarded to Bellcore SMS 100 (see FIG. 1). However, it takes a certain time for the information to be recorded in the Bellcore SMS 100. And even after being recorded at Bellcore SMS 100, it may take additional time for information to pass to LEC 20, especially if LEC 20 maintains its own SMS database. The time difference between the detection of fraud and the record of the blocked ANI allows hackers to succeed in their activities.
[0016]
One problem with this system is that LEC is a guardian of the "800" gateway. When a "800" call is authorized and validated by LEC 20, IXC network 30 simply routes the call and tracks billing information. However, as described above, the IXC rogue control unit finds warnings and suspicious starting ANIs before they are reported to Bellcore SMS 100, which in turn reports them to LEC 20. This means that a fraudulent starting ANI proceeds through the reporting system phase, but more calls can be made to that particular "800" number from that starting ANI.
[0017]
Therefore, there is a need for a system and method to more quickly and efficiently prevent unauthorized special service calls. Further, a system and method for detecting and stopping illegal "800" number calls from a particular starting ANI without waiting for the blocked starting ANI / "800" number combination to be reported to the LEC. There is a need for
[0018]
One object of the present invention is to provide an improved system and method for blocking unauthorized calls from a particular initiating ANI in a telecommunications system.
[0019]
It is another object of the present invention to provide a system and method for blocking a starting ANI from making a specific "800" number call in an IXC network in a telecommunications system.
[0020]
To achieve the above and other objects, a system and method for blocking unauthorized special service calls in a long distance telephone system is disclosed. The Automatic Number Identifier (ANI) of the starting number within the local telephone company (LEC) can be used to include a special service call number by including the ANI in the special service call number record in the long distance carrier service management system (SMS) database. Blocked from calls to. The ANI to be blocked is selected by the fraud control analyst based on certain network traffic flow thresholds. When the switching element in the long distance carrier searches the SMS record for a particular special service call, it is determined whether the start of the call corresponds to the ANI of the SMS record. If so, the call is blocked.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
[0021]
In the following description, the term "network" is a brief description of the collection of databases, trunks and telephone lines, routers, switches, protocols and computers required to construct a telecommunications network.
[0022]
Briefly, the preferred embodiment adds an additional field to the IXC SMS database so that a particular starting ANI is blocked from calling to a particular "800" number.
[0023]
In the prior art, the IXC SMS 50 maintained routing and billing information for "800" numbers and other special service calls. In the preferred embodiment of the invention, the IXC SMS record for the "800" number has an additional field. For example, the number "1-800-999-1111" includes, apart from including routing and billing information, also the unlimited number of the starting ANI to be blocked from "1-800-999-1111" calls. It has an IXC SMS record.
[0024]
In a preferred embodiment of the present invention, the call data records are constantly censored by IXC fraud control to detect patterns of fraud. For calls to a specific "800" number, the sum of short calls, the sum of long calls, the sum of all types of calls, and the sum of the sums from all types of calls are May be censored. Further, dangerous elements may be assigned to calls from a particular NPA-NXX or country. If the analysis of the different risk factors indicates that a particular starting phone number or ANI is probably the cause of the fraud, that ANI is added to the "Bad ANI" field of the IXC SMS record with that particular "800" number. Thus, the fraudulent ANI is blocked from making fraudulent calls to its "800" number.
[0025]
As an example, consider that hacker 200 is attempting to access outside the main line of PBX 250 in FIG. Since hackers usually do not know the exact external mainline access number, they repeat the call, trying a new access code for each call. In this example, the threshold for repeated short term calls is assumed to be 40. At the 40th (40 ^th ) call, a threshold alert presents suspicious activity and suddenly occurs at fraud 392. At this point, either the fraud analyst or the automation program may review the billing record and history of the starting ANI and conclude that the hacker is attempting to gain unauthorized access to the PBX with the ending "800" number. Good. The fraud analyst or automation program enters the hacker's starting ANI in the "Bad ANI" field of the IXC SMS "800" number record. If the hacker attempts the 41 ^th call (41 ^th ), the IXC switch 31 contacts the SSCP 41 for routing information. SSCP 41 queries SDP 45, which in turn queries the IXC SMS 50 database. The IXC SMS reports that the particular starting ANI is blocked from calling to its ending "800" number. Thereafter, the IXC switch disconnects the call or forwards it to ISN platform 90 for further investigation.
[0026]
In the prior art, the fraudulent ANI needs to be reported to Bellcore SMS 100, which reports it to LEC 20. This can take long enough that a hacker may discover the access code of an external main line before LEC 20 blocks the "800" number from the hacker's ANI. The preferred embodiment of the present invention allows for the unauthorized and fast blocking of "800" numbers.
[0027]
As those skilled in the art will appreciate, many elements of the telecommunications network have been omitted as not relevant to the preferred embodiment of the present invention. These and other details have been omitted in detail not necessary for an understanding of the present invention in order not to obscure the present invention.
[0028]
Although the above-described embodiment is a preferred embodiment, many modifications will be apparent to those skilled in the art. For example, other methods for service and control switching may be used. The provision of SS7 and SS7 with SCP is not required for other embodiments of the present invention. Further, an ISN platform is not required in other embodiments. In another embodiment, the fraudulent ANI may be stored in a separate database that is used when routing special service calls rather than SMS.
[0029]
Although the invention has been described with reference to certain preferred embodiments, the invention is not limited to this particular embodiment, but on the contrary, the invention is intended to cover all inventions falling within the spirit and scope of the invention as defined by the appended claims. It is intended to cover modifications and equivalents and alternatives.
[Brief description of the drawings]
[0030]
The above and other objects, aspects and advantages will be better understood from the following detailed description of a preferred embodiment illustrated in the following drawings. In the drawings, like reference numbers indicate identical or functionally similar elements.
FIG. 1 is a schematic diagram of route control for long-distance telephone calls according to the prior art.
FIG. 2 is a schematic diagram of an exemplary path control for an illegal “800” number call.
FIG. 3 is a schematic diagram of an exemplary unauthorized “800” number telephone call routing in accordance with a preferred embodiment of the present system and method.

Claims (20)

A method for preventing fraudulent service call fraud in a telephone network,
a) maintaining at least one record, each record associated with a special service call number;
b) adding a starting number identification to the record;
c) blocking all calls to the ending special service call number when the start of the special service call is indicated by the start number identification in the record for the special service call number. The method of claim 1, wherein at least one record of step (a) is maintained in a service management system (SMS) database. The method of claim 1, wherein the starting number identification is an automatic number identification (ANI). The method of claim 1, wherein the ending special service call number is an "800" number. Step (b) further comprises:
Selecting at least one threshold for suspicious activity;
Monitoring calls on the network;
The method of claim 1, comprising placing a starting number identification in a record of an ending special service call when network activity for the starting number exceeds the at least one threshold for the ending special service call. A method for preventing special service call fraud in a long distance telephone system, wherein the telephone system is connected to a local telephone company (LEC) for transmitting local telephone traffic,
a) maintaining at least one record, each record associated with an ending special service call number;
b) adding the identification of the starting number in the LEC to the record;
c) blocking all calls to the ending special service call number when the start of the special service call is indicated by the start number identification in the record for the special service call number. Routing the special service call to a bridge switch via the long distance telephone system, wherein the bridge switch is under control of a call processing platform, wherein the call processing platform performs the blocking of step (c). The method of claim 6, wherein: 7. The method of claim 6, further comprising using at least an automatic switch to route a special service call through a long distance telephone system, wherein the automatic switch is under the control of an automatic switching and routing system. . 9. The method according to claim 8, wherein the automatic switching and routing system is a signaling system 7 (SS7). A device for preventing fraudulent calling of special services in a telephone system,
A database for maintaining at least one record, each record associated with one special service call number,
Means for entering a starting number identification in the record;
Apparatus including means for intercepting a special service call, wherein said special service call has a starting number corresponding to a starting number identification in a special service call number record. The means for blocking are further
Means for retrieving and storing said records from said database;
Means for extracting information from said means for retrieving and storing and contacting said means for retrieving and storing for transmitting said information to at least one switch;
A switch for switching at least one call to receive the information from the means for contacting and to block a special service call if the information so indicates;
A special service call is made to the at least one switch when a special service call is made from a start number to a corresponding special service call number and a record for the corresponding special service call number has a start number identification corresponding to the start number. The apparatus of claim 10, wherein the information indicates to block the special service call. In the Signaling System 7 (SS7) network, the database is a service management system (SMS) database, the means for searching is a service control point (SCP), and the means for contacting is a service switching and control point (SCP). 12. The device of claim 11, wherein the device is an SSCP). The means for blocking are further
An intelligent service network (ISN) platform for retrieving and storing said records from said database;
Under the control of the ISN platform, when the special service call has a starting number corresponding to the starting number identification in the special service call number record, the special service call is routed and switched, and the special service call is blocked. The apparatus of claim 10, comprising an automatic call distributor (ACD). The means for entering a starting number identification in the record further comprises:
Including fraud control console,
11. The apparatus of claim 10, wherein if network traffic exceeds at least one threshold, an alert is generated and the generated alert is reported to the rogue control console. The means for entering a starting number identification in the record further comprises:
11. The apparatus of claim 10, wherein when network traffic exceeds at least one threshold, a starting number identification includes an automatic fraud control program for determining whether to enter into the record. The apparatus according to claim 10, wherein the database for maintaining at least one record is a service management system (SMS) database. The apparatus of claim 10, wherein the special service call number is an "800" number. The apparatus according to claim 10, wherein the starting number identification is an automatic number identification (ANI). The apparatus of claim 10, wherein the telephone system includes at least one local telephone company (LEC) and an interchange carrier (IXC). The IXC includes a database for maintaining at least one record, a means for entering a starting number identification, and a means for intercepting a special service call, wherein at least one LEC has at least one starting number; The device according to claim 19.

Images